Passwords are widely used in Web and other applications to authenticate a user to Web or other servers. With an increasing number of applications being available online, users must remember more passwords. For the sake of security, a password should be strong, i.e., it should have high entropy, in order to resist dictionary attacks. Additionally, different passwords should be used for different accounts to resist common password attacks in which adversaries use phishing sites or compromise a weakly protected server to obtain the password shared among several accounts. A strong password is hard to remember. Remembering and managing many strong passwords for several accounts is especially challenging. As a result, many people tend to use weak passwords and reuse the same password for many accounts. Password management is an increasingly important issue, especially for Web applications.
Several approaches have been proposed to help users manage passwords for both security and convenience. One approach allows a user to have different passwords for different programs and Web sites without having to remember their user names and passwords. It encrypts all user names and passwords by a master password, which is required to release an encrypted user name and password when logging into a server. Most browsers provide an “auto-complete” feature which securely saves users' passwords in a local password database for variable Web sites, and automatically completes the user name and password fields for the user when the user tries to log into the same Web page. Some approaches add a Web browser extension to generate different passwords for different Web sites from a single password entered by a user by hashing the user-entered password with a Web site's domain name. Password-based authenticated key exchange protocols are also proposed to protect against dictionary attacks by sniffing the login messages even if the password is of low entropy. These techniques require several rounds of exchanging messages. A server has to be modified to use such a type of technique.
The above techniques use a static password in user authentication. A more secure technique is to use dynamic passwords. One example of dynamic password generation uses a tamper-resistant carry-on device to generate a one-time password periodically, such as every 60 seconds. This approach requires time synchronization between a client device and the server.
Another way to enhance the security of user authentication is to use multiple factors. User authentication relies on one or more of the following three factors: something a user knows (e.g., a password), something a user has (e.g., a smartcard), and something a user is (e.g. a fingerprint). Password-based authentication is single-factor authentication, i.e., something that a user knows. U.S. federal banking regulators have concluded that a basic user ID and password are not enough to protect against fraud in on-line banking. In two-factor authentication, one factor is usually something one knows, such as a password, the other factor can be either something one has, such as a smartcard, or something one is, e.g., a fingerprint. Security is enhanced with two-factor authentication at the cost of higher deployment complexity and less user convenience. Biometric information is used in user authentication for certain applications, but is not suitable for many other applications since it is hard to renew biometric information once it leaks out. Smartcard-based password authentication has been actively studied recent years. Some techniques use a smartcard to compute a login credential from the user name and password entered by a user. In smart card security applications, complex calculation of exponentials is required, and the server has to be modified to support these authentication techniques. In addition, a smartcard reader is required. As a result, smart cards are not widely used in Web applications.